FireEye Computer Security Firm Acquires Mandiant

SAN FRANCISCO — In a deal that may have broad repercussions for companies and governments fending off sophisticated hackers and state-sponsored digital attacks, FireEye, a provider of security software, has acquired Mandiant, a company known for emergency responses to computer network breaches.

The deal, in both cash and stock, is worth more than $1 billion, based on the current value of shares in FireEye.

The acquisition, which closed on Monday but was not publicly announced until after the markets closed on Thursday, was one of the biggest security deals of 2013. It merges two darlings in the $67 billion global computer security market that together could form a formidable competitor to antivirus giants like Symantec and Intel’s McAfee.

David G. DeWalt, FireEye’s chairman and chief executive, ran McAfee before it was sold to Intel in 2010. Mr. DeWalt was rumored to be a contender for the top job at Intel, but surprised company insiders when he left to join FireEye in 2012.

Mandiant is best known for sending in emergency teams to root out attackers who have implanted software into corporate computer systems. Much of its work focused on attacks from China, and last year it made headlines with a detailed study of a hacking group known as “Comment Crew” that provided the strongest evidence yet that the hackers were closely linked to a unit of China’s People’s Liberation Army, outside Shanghai.

The combination of the two companies — one that detects attacks in a novel way, another that responds to attacks — comes as corporate America has become wary of relying on the federal government to monitor the Internet and warn of incoming attacks.

That wariness has increased since the revelations of Edward J. Snowden, the former National Security Agency contractor who removed thousands of documents before he took temporary refuge in Moscow.

The documents have made it evident to companies that the United States monitors allies as well as adversaries, including friendly governments, international organizations and the networks of some Internet companies. Some could turn to companies like FireEye and Mandiant for protection, an interesting twist since many of Mandiant’s employees come from the American intelligence world.

“After the Snowden events, in the current political climate, no one can say to the government, ‘Please, come on in and monitor our networks,’ ” said Kevin Mandia, the founder of Mandiant who will become chief operating officer of the combined company.

Mandiant is privately held, and the big winners in the acquisition will be Mr. Mandia, the company’s founder, Mr. DeWalt, who joined Mandiant’s board as chairman in 2012, and the company’s venture backers. Mandiant has raised $70 million from Kleiner Perkins Caufield & Byers, the venture capital firm, and One Equity Partners, an investment arm of JPMorgan Chase.

FireEye’s success so far has depended on a technology for detecting attacks that works quite differently from most antivirus products. Most products monitor the web and identify malicious software that has already begun to hit victims around the world.

But by the time the attack has been identified and blocked, the malicious software has already had a chance to do damage — siphoning a company’s trade secrets, erasing data or emptying a customer’s bank account.

FireEye’s software isolates incoming traffic in virtual containers and looks for suspicious activity in a sort of virtual petri dish before deciding whether to let the traffic through.

“Companies are spending tens of billions of dollars of their money on a model that doesn’t work,” Mr. DeWalt said. “It’s going to take people and products working together.”

Mandiant was frequently called in after FireEye found malware. In those cases, it used its own threat detection technology to determine where the attack was coming from and to design countermeasures.

In an interview, Mr. Mandia and Mr. DeWalt said the combined company would be able to notify its customers as soon as it detected abnormal behavior, execute a temporary fix and then dispatch a Mandiant team to take further steps. It will also give Mandiant more reach: FireEye works with more than a thousand customers, including 40 state military operations, around the globe.

Mandiant had $100 million in revenue in 2012, up more than 76 percent from the previous year. Mandiant responded to attacks by Chinese hackers at The New York Times and The Wall Street Journal last year. About 95 percent of its business is domestic and it was just beginning to develop an international presence.

In April 2012, the companies began teaming up on various product initiatives. In February, they began integrating FireEye’s software with Mandiant’s threat detection products after seeing that many of their customers were already deploying their products and services together.

Then, a few months ago, the two chief executives started discussing a deal.

On Monday, the boards of both companies agreed to terms in which FireEye will pay Mandiant shareholders $106.5 million in cash and 21.5 million shares and options.

Under the deal terms, Mandiant will become an operating subsidiary of FireEye, and Mr. Mandia will oversee FireEye’s services, cloud and endpoint security operations.

Mr. Mandia said that before initiating acquisition talks, he had considered taking Mandiant public. He said he began to warm to the idea of an acquisition in the last few months, when he saw that FireEye’s detection products would be a “natural fit” for Mandiant’s expertise in responding to breaches.

The market has already shown an enthusiasm for FireEye’s products. Since the company made its debut on the Nasdaq in September, its stock price has more than doubled. That has made it the most successful initial public offering of a security company in 2013 and a big gain for FireEye’s founder, Ashar Aziz, a former Sun Microsystems engineer who started the company in 2004, and FireEye’s venture capital backers like Norwest, Sequoia Capital and In-Q-Tel, the venture arm of the Central Intelligence Agency, and others.

FireEye now has a $5 billion market capitalization, though it has yet to turn a profit.

On Thursday, when the company announced the Mandiant acquisition, it also announced that it had exceeded its fourth-quarter revenue guidance. The company said it anticipated total revenue for 2013 to be $159 million to $161 million, compared with previous guidance of $156 million to $158 million. The guidance, and news of the merger, sent FireEye’s stock up 22.5 percent in after-hours trading.

Nicole Perlroth reported from San Francisco and David E. Sanger from Weston, Vt.

A version of this article appears in print on , on Page B1 of the New York edition with the headline: Acquisition Combines 2 Darlings Of Security. Order Reprints | Today’s Paper | Subscribe

Interested in All Things Tech?

The Bits newsletter will keep you updated on the latest from Silicon Valley and the technology industry.